CVE-2026-49374PATCHED

jetbrains · teamcity

CVE-2026-49374: In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

Description

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

Affected Products

Vendor	Product	Versions
jetbrains	teamcity	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
jetbrains	teamcity	cert_advisory	90%

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Related News (2 articles)

Tier B

BSI Advisories16d ago

[NEU] [mittel] JetBrains TeamCity: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB18d ago

CVE-2026-49374 | JetBrains TeamCity up to 2026.0 authorization

→ No new info (linked only)

CVSS 3.17.6 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

2026.1

CWECWE-862

PublishedMay 29, 2026

Last enriched18d agov2

Trending Score6

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Security vulnerability in JetBrains GoLand prior to 2026.1.3

Trending: 20

HIGHCVE-2026-49373

CVE-2026-49373: In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

Trending: 7

HIGHCVE-2026-49366

CVE-2026-49366: In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

Trending: 7

MEDIUMCVE-2026-49376EXP

CVE-2026-49376: In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

Trending: 6

HIGHCVE-2026-49371

CVE-2026-49371: In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

Trending: 6

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 29, 2026

Discovered by ZDM

May 29, 2026

Updated: severity, affectedVersions

May 29, 2026

Patch Available

May 29, 2026

Version History

Last enriched 18d ago

v2Tier C18d ago

Updated severity to CRITICAL and affected versions to include 2026.0, while noting no exploit exists.

severityaffectedVersions

via VulDB

v119d ago

Initial creation